I am working with credit card details atm and am currently storing them in the browser session over an SSL encrypted connection. They are not being passed around between different pages, they are taken on the last page of my checkout and immediately emailed to our administrator. The session is of course destroyed immediately after.
Is this the sensible way to it? Am I relatively safe from hackers over SSL? I have steered well clear of cookies as I have heard so many horror stories.
Normally I wouldn't be writing a custom payment module but the CMS I am using did not have what I needed.
My thinking is that there must be an industry standard way to do this, rules that even smaller development teams can follow?
Anyway I will be interested to know your thoughts on this matter.